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(54) Title: METHOD FOR SECURE TIME-STAMPING OF DIGITAL DOCUMENTS 



(57) Abstract 

A system for time-stamping a digital document is disclosed which pro- 
tects the secrecy of the document text and provides a tamper-proof time seal es- 
tablishing an author's claim to the temporal existence of the document Initial- 
ly the author prepares the document (21), which may then be condensed by a 
process such as hashing (22). Next, the document is transmitted to the Time 
Stamping Authority (23), which adds time data to create a receipt (25) and data 
from adjacent receipts (27). Thereafter, the Time Stamping Authority applies a 
cryptographic signature to the composite receipt (28), which is then transmitted 
to the author (29). 
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METHOD FOR SECURE TIME— STAMPING OF DIGITAL DOCUMENTS 



BACKGROUND OF THE INVENTION 

In many situations there is a need to establish 
the date on which a document was created and to prove that 
5 the text of a document in question is in fact the same as 
that of the original dated document. For example, in 
intellectual property matters it is often crucial to 
verify the date on which a person first put into writing 
the substance of an invention. A common procedure for 

10 thus "time-stamping" an inventive concept comprises daily 
notations of one's work in a laboratory notebook. 
Indelibly dated and signed entries are made one after 
another on each page of the notebook where the 
sequentially numbered, sewn-in pages make it difficult to 

15 revise the record without leaving telltale signs. The ; 
validity of the record is further enhanced by the regular 
review and signed witnessing by a generally disinterested 
third party. Should the time of the concept become a 
"matter "for " later ^ the 

20 notebook ' anci %he' a e^ recording procedure servers 

1 effective evidence i;in substantiating f the fact, r that the , 
concept existed at least as early as^tihe n ritft<*bbtf ^witness 
date. „.. w - J ^ \ 

.*"*;';■'! '"^ The increasingly -widespread use of electronic 
25 documents, which include^-not <only digital representations 
of readable text but also' of video, audio, and: pictorial 
data, now poses a serious 'threat to the 4 viability I^pf the 
° "notebook" concept of establishing the dat# of ;any; suc?i 
, document. Because electronic; Jdigital documents are so ; 
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easily revised, and since such revisions" may be made 
Without telltale sign, there is available limited credible 
evidence that a given document - truly: states the date on 
Which it was created 3 or- the message it originally carried. 
5 For* the- same reasons there even- arises serious -doubt as to 
the authenticity of a - verifying sighatiire. i Without an 
d ' effective -procedure for ?: ensuring against the surreptitious 
^revision of digital documents, a' basic Hack -of system 
credibility prevents the efficiencies j of; electronic 
lCf doc\mentatioh J: from Iv beih^ : more widely implemented.- i 
4 :i .. **./ . ;>... '* . o": \ *'-i*z :.\ <'/■ . *v . /tvw l 

f : : i Some procedures are^ presently available, f or 
: Verifying 1 'electronic -document transmissions? however, such 
" 7 v* p^oceaiires -are liiiait^d^in^ application td bilateral 
v - : communications : That is > in such- communications the 
- 15 ; sender essentially desires 4 to verify to -the v receiver the 
*'* : source* and originatl content of the' transmitted '".document . 

*" f or example, "private- key" cr^togrSphici schemes have long 
been employed for -message- transmission between :or among a 
limited universe of individuals -who are -known :to: one^ „ 
20 " aridther and- who aldhe Jlmbw 'the decrypting -key. ^Encryption 
of the message ensures against tampering, and the fact 
th^t { ^plickticn >of the ;pi£&vate key reveals the 
"pi^htekt'Hc^f the -tMfismitted-m^ ^serves , as proof 

i. -iJ • -that the Message^Was ^ ^t^aL^smitted by-orie -of the ;defined 
25V - { uniVerse - r The tIme^-G2?eation : of the inessage ^is^ only 
r - coiiaterally established, " however, '* as being, aot later than 
ir it's-* Receipt by the^'ddresseei This practice thus/ fails to 
'provide time-^stamp evidence that would be useful - in an 
unlimited 'universe at V a later date o • - . 1 — * " 1 " 

3 0 A more broadly applicable verifying communication 

procedure, that of "public key" cryptography, has been 
described by Diffie and Hellman ("New Directions in 
Cryptography", IEEE Transactions On Information Theory , 
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3V0I. IT-22,. November 1976, pp. 644-654) and more recently 
■ * . ~ implemented by Rive_st et al. in U.S n -Patent ,4 ,405, 829 , 

• issued 2X)- September 198 3-.oc While this scheme expands the 
; t xrtili5ing. universei.~t0 ^substantially unlimited .number of 
i 5 .system . subscribers;; who are unknown-, to one another;, but for 
r& . a publ ic ? directory, - yer i-fiable communications remain 
:>t bilateral v 1 _\ The.se- limitations persist^ since t altjhough a 
;/ r .7 -publ ic> key s ignatureV ;> such[ : as , that ; whi , qh t enta i 1 s publ ic 

•:Jkey decryptionj -of > ar message encrypted with the .private key 
10 of) the transmittjer,, provides^ ^ny ^einber of ^the -imlimited 
universe with significant evidence of the identity of the 
retransmitter of ^,the -message-, — only : a _giyen message recipient 
- canrbe,: satisfied, that • th^c®® s sage^existjad ^at least as 
/early [ as the time , pf-its^ receipt. Such .receipt ^ does not, 
15 however, provide; the who^e universe :w4.jth direct- eyidence 
is. .of time, of ; the tmessage's^e^istence. - Ts/st imony, of . a such a 
; -rrecipient:ein .conjunct ipn^^ith the -received message could 
. . t advance ythe ipropfj of r iaes sage : content and t^me of ; its r 
[vr q. . existence,,, but su<?h;r£Yideiiee~ f alls^victim tq.tjhe. basic 

2 0: - problem of -ready manipulation of electronic . digital 
. : y document content , ; i whether ; £>y :,pr tginatpr^ «or witness . - 
- ~. i " r?. v;r;i^; r ";*o.i.cj5V- zr. ■ "* 

»;.r : .Thus, the prpsp^t oqf a c wpr>ld -*j.-n - j^iphr jall 
r o , - . documents , are r ins easily J: Rodif iable digital form; threatens 
... , ; i the ^yery rsubstancg of * <exigt ing ^procedures .for establ ishing 
1 23.(. the credibility of vsueh^dpcvajentSs; ..There is ; clearly a 
: : .significant present r.nped f qr- ; a rsystem pf; yerif ication by 
y. s .j ■ which ^a .digital _\ document; -may: -be . so fixed in time- and 
content that; it can present at -least to^ the : extent 
currently recognized r in tangible; dpciment^ 
3 0 evidence on those issues. 
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StJMMARY OF THE INVENTION 



The present invention yields such a reliable 
system in" V method" of J time-stamping" d^^ that 
"provides the e^iaivkleht of two essential characteristics 
5 of accepted db^cumerit' verification. n First, the content of 
" ? a document and a tiiae £takp 'of it is existence A are : 
J v » indelibly" 1 incorporated into- the digital data of the 
d^cniment so that it" is hot possible to change any bit of 
the resulting time-iktamped data ! without such a change 
10 being apparent. " Ih' this mkiiner/ the state of the document 
text is fixed at the instant of tim4-stamping.° Second, 
/ the time at ' which ^ stamped is 

J verified by a ^witness ih|f"- ; "digital signature procedure 
that deteris the inco^btirtion of a f £lse time statement . 
15 ' i^ ' essence /%he methbd i t^anWfe^:s , control of the- time- 
" *' stamping step from the^ t6 f atf ind^pendeiit agent and 

removW from the aiithbr their ability to influence the agent 
in, the application of other than a truthful time stamp. 

> ,\ : , . . > ' r ,^ e - ^ a 
" ' "20 " nuiab distributed throughout a 

" ; J?: ' ; cb™uniba1:ion hetWbirlc. £4 "gUcfi kuthbrs may" be individuals, 
* ""companies, cdmpiany ^departments, etc! each representing a 
fti ' distinct*' ^kiid' 1 ' j^fentifiki5i^V ! ^e^gr by TD number- or the- like, 
. J ' ? meiii)er^oi tlie r autliot : un^e^.' in one embodiment of the 
* *£j> x J invention, ;this' univers^ itfay bonstitute the clientele of a 
"~ J time-stamping agency (MA) , while In another embodiment 
the r "distributed" authors* may' -serve as agents ] individually 
' perVoraing" the for' other members of 

the universe . * " *"* 

3 0 ! * In its general application^ as deprcted- in FIG. 1 

of the* drawing/ the : present 1 method entails an' author's 
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preparation of a r digital document, which may broadly 
comprise any alphanumeric, audio, or pictorial 
presentation, and the transmission of the document, 
- preferably in a pondensed representative form, to the TSA. 
5 : „The ;/ TSA time-stamps the : document by adding digital data 
^signifying the current time, applying, the 
>• _ -cryptographic signature, scheme,, to r the document, and 

transmitting Iphe resu^ingL document, jiow a certificate of 
l w the temporal existence of .the. original document^ back to 
10 the author whe^re it ip held fo*r ifiter use in required 
« . ^ proof of., such exis^terpe^ Alternatively ^ , the TSA may 
. time-stamp,, the docime t nt to. create a receipt by adding 
. .digital, data signifying the current timei; cohcatenate the 
rreceipt with, the current; cryptographic cat ^ of its 

: 15 v prior tiiije stamp. rppeiR^s^ and create a new' catenation 
: - from the ^oH^osit^ c^ppum^^ of a deterministic 

^ : function, f such, as v flji^pussed in greater detail^ below r The 
v ... resulting, patepate, value is jthen included with time and 
olAer identifying^ 

20 To ensure against interception of confidential 

e . r , ^document , infp^ the TSA, and 

. to, r^dupe . the^4igltal, bandwidth^ retired for transmission 
/ Kr v of. an .pntire doq«i&ept M , /Ifcjie autiior may o^Uonany convert 
. ^ $:he c digital :i document.^ a unigue value haying 

25 , r vastly condensed digital, size, by means of a deterministic 
function. :which may, |pj:. . example, be any one of_ a . number of 
.algorithms knopn, .in the ^18,^6-^ hash factions". . 
r. Such .an^ application... of hash functions has been ^escribed, 
r^. • ,ampntg ^athers, by Da^g^rd. in his discussions, pn" the 

.3 0 , improvement, of security in document signing techniques 

^-^x • * ---- - ■ ' - - :r 'iiJiSj^-^: sr £>rr: r ,:i.r:-o: r« >:*« 

("Collision-Free Hash Functions and Public. Key Signature 

Schemes", Advances in Cryptoloqy — Eurocrypt '87 , 

v Spr^nper^V^ 304 : , pp. 203-217). In 

-practice of the present invention, however, th^ "one-way" 
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characteristic typical of a hashing algorithm serves an 
additional purpose; that is, to provide assurance that the 
r ^ document 'caiinot be" secretly >reVised subsequent to the time 
the TSA 'applies -its- -tame -stamp or incorporates the 
: 5 document inio the catenate certificates * - 
.".r r .z . ^ . * , r '{ >- - * * *■':■ o . . 

' ' 1 : A "h^liing f unction provides" j ust such < assurance , 

v r since at the tisae ¥ documer^, - such is an author's original 
work or a ddnipdsite receipt catenation; ds hashed there is 
* ; " created* f a representative "fingerprint 1 ?: of its -original 
10 content from which it-id 1 virtually ^impossible to recover 

that document. Therefore, the time-stamped document is 
£ "'ii'ot "susceptibie • to revision by any adverisary of the 
. ./.Ji c , a ^ t " hor V *'Nor *is r the author ^ble -to apply an issued time- 
; :c £tajHj>' 'certificate- ^o < a revised ^form of the document, since 

"15 ariy change in the : brigiriai r document content , even to the 
* ' r exteiit" ot 'a ' single wd -oirj-a 'single bit of digital data, 
1 ; Results in a different -dccument that ' would hash to a 

" * ? dompietely different' fingerprint - Value . ^Although a 
::V " : dbcumerit eaiinot -b'd recovered- from its Representative hash 
20 vklue;' a r pu^)orted 'original- dbcixamdnt cam nonetheless be 
proven in the present time-stamping procedure by the fact 
that a receipt comprising a true copy of the original 
3 ~' A: "^ddfciim^nt rdpr£senta€^^ "»hash" to the original 

, " T hiiiiiBfer'c^ the %ame ea%ena^6 value -a^ is ^contained in the 
: 25^ ; 'c^rtif icat^V'' assuming -use of the original hashing 
-algorithm- 1?". .;c;:- - ' <^ ^ ' ■ '.'^ ' ^ 

rr:: - r "Any -available -deterministic f unction , -e.g. a one- 
' ■ C4 way c frash function -such ~ as that > described Lby ;Rivest ("The 
• :v/> ' 'mil Wes^age : £)ige^t'-Algofithm" / Advances in Cryptology — 
~ :: - 30'' : Crypto '90 , Spririger-Verlag, ' liNCS , to : appear) , 

incorporated ; here iri £y reference, "'may be used ::in the 
• ^present pfo^ the ^invention, such 

" : a hashing operation : is ' optionally : employed vby ^the author 
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to obtain the noted benefit of transmission security , 
. although it .might be effected by -tfce TSA if. the document 
. -were .received in, plaintext In whatever ( such manner 

-the document content and ^corpora ted- time data are fixed 
5 against revision, rfchere regains the-; further, step., in order 
to promote the credibility of the system, of certifying to 
r v :fche members ofc- an^as. yet i^identif ie<3L .universe that the 
; t ^ ^receipt- was in / f aot prepared, by ~the. VSK, rathejr, than by 
:.■> ithe. author, oan A that the -time indication is correct, i.e., 
r 10" that: it "has not, for ;ins1sjan0e,^b.ejBp :£rai^dulentiy stated by 
^ : - the -TSA -in collusion wi'th^tl^e au^hfar.,- t 

-.r.-J To Satisfy tjie fojrmepr concern,, the TSA uses a 

. /.verifiable . signature -sqhejae, o^-a .type : sucl^ v as,.the public 
"3 ^key mettesd. earlier notQd n to c certify th^^t.im^-staiiip prior 
j 15 -todts- ■tranOTit'feft.l'v^ ^& i: a ^^^ , cqnf irmajti^ .of the 

^signature -at. a jlajter 6 tige f .suc^ a$ jDy ,degr^tiQn. with the 
>• -TSA'as public ;rk§Y, proves Nto ,1^e author ,pd : J;o jjfche universe 
*■ v at ilarge that; :*h^ ce^t^ioate originated .with . the TSA. 
;-ri £i ^ TProof ;-of ,jthe;;Ve itself,, .however, 

r;.i 20i=..reliesriUpon f Q'll^ingal^d^'^P.^^ - a .^^ c ^ °^ /,<■; 
' £»c»" invention .v^q p.- : .'.err .tr^^i^q r r ,-; ^ — ^ . 

-^•-•"V- -j^:.c :.3)isx:: r> p:i j; .si:tq/r:co : qj;^o::*:. 3 ^ 

: > : ^ . /vr o Ii^an r alter;nat^^ a 
. \. : . . record -of -its, s sequer>t ial ^n^q^- stamping, transactions by 
j adding each ^ new .^r^Qeipt^to its . .cgrrerrb : .c^ten^Lpn and 
25 applying its deterministic function, e.g. Jia^in^, the 
composite to obtain a new catenation. This catenation, 
-jitseif .a , value: resulting process, is 
: included Ion the receipt- or { fcert if ;icate returned, to the 
. .V- _ »: author, and serves to-certif^-t^ 

30 Confirmation of ;the .certificate at^a Later: .time, involves 

rehashing the^c9xnbination of the author's .£imejreceipt and 
: r . the next previous catenate . value iii c the : ,T£>A records . The 
..resulting, generation-of the author's catenate certificate 
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value proves to the author' and to the universe at large 
that the certificate originated with the TSA. This result 
also proves the veracity of the time-stamp itself, since 
ail original eleinentk c of the original receipt must be 
5 repeated in order to' again generate, by the' hashing 
'function, the original 3 'catenate certificate value. 

"" one embodjieiit' 'of the- process j' "as-generally 
>r depicted^ 'in FI(i. draws upon the relatively continuous 
flow of documents from' the : universe of authors through the 
i<T ' facilities of tile TSA". For~each given processed document, 
iw ' r; b" ', the T^A^ge^nera^es a time-stamp- receipt .which includes, 
1 ' ' ior exampie, a segUeritial receipt number, r k <, the identity 

f'of'the author, A^., : by TO ^uifiber, : ID^, 6r the^liKe, the 
" iiash, k k , of" : 'the ' docm&t r ,J din& : the current time, t^.. In 
15 ' addition, thVTSA" includes- the receipt -data ^of the^ 
' immediately 1 preceding processed- document, ; - of author, 

A , thereby bounding i the tiTBej-stamp of -document, D k , in 
~ |he "past" "direction by the" independently «■ established 
* " iarlieW receipt 'time, ^j^- f ^i3cewise> the receipt data of 
20-" %he : 'next received^docn^e'wfcy 'b^y ^re' included to bound 

the time-stamp of 'do^e'Wt^ in the'-" future?' : direction. 
The composite receipt, now containing the time data of the 
~~ : thrke ,' "ot 'more 1 if 7dgsireU, ' sequential time-stamp receipts , 

^ ^\d^iiY±^^^^^^^^' is then certified with 
25 "' %be cr^tograp^ic''TSA B s^ature and ; transmitted to the 
author ) ' A k . in'l iS& 'manner 1 a certif icate - containing 
identif iable representations of D k and D k+2 would be 
* !: ~ transmitted to author'; A k+ £. Thus, each .bf. the time-stamp 
A ' certificates' issued : by th£ ; ISA is fixed in the- continuum 
3d" o.k time and hone can' be falsely prepared by the TSA, 
" s ' '"'"'"a" comparison of a number of relevant" distributed • 
" certif icates would reveal 'the discrepancy in their 
; " "seqilerice". ' "So effective is- such" a sequential- fixing of a 
document in the time stream that tlie- TSA' signature could 
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be ■ superfluous in actual praqtice.. 

A, .second embodiment of t> the, invention, shown 
generally in FIG.,3, distributes -the /tin^-stamping task 
^.randomly among a br<pad universe, ~ for example the 
5 -jmultiplicity of. authors, utilizing the. time-stamping 

process. A TSA could still be employed for administrative 
purposes 5 or- the requesting, ^author; could communicate 
. . directly *wit;h the selected, time-stamping author/ agents. 
: > In ^either event, ^ the, abpve-mentioned need for assurance 

* 1Q that a timer stamp, has. i^ot been ^applied to a r document 
r r. u through -jcollus ion ; b^^eix the ^au^hor ^nd the stamping 

. ; / / ^agency is met in t^ r combiijatipn of the reasonable premise 
; > /that^at least] some :u partion : of tt*e agency uniye^se is 

incorruptible or would ,p£herwi6e pose a threat of exposure 
15s to^an: author, attempt ina .fpi^if iqation, and th£, fact; that 
r . ;» . . . the t ime^s.tamping £9^$A^: S * ^ oc ^ e , ] ?^ ■ ar ® 

-selected- f rom : . Jthe .univers^ _entir;ely at randoml ' The 
o'f -v resulting ; .1^H jo»f , % capability „,pp /the : p^rt . of ~/t£e author 
: J : -jr too^elect a. prospective collusive agent of the author's 

c owp cbp^sing- w feasibility^ of 
ji i b ;^in^en^onajL- : -jbliDe' f alsi^i^t^on j. n . . _ _ _ . ^ , 

\* - :r - . :?7 The : select %on (^_the b individual universe members 
: who. will act as t;h<* .^^^t^^i^ is 
1 v .- accomplished by- means^ .a r pseudgrandoia generator of the 
r 25 ; type discussed by . Imp^icflaaz 50 , - I^ey in , and Luby 

; X" Pseudorandom Generation -^rpm , One -Way |1in9ti<5ns l, , 
\ ' Proa '--2 1st- STOC t pp. 12-24 , ..ACM, 198?) .for which the 
' i • initial seed is a .deteinalinistic function, ^qucti as a hash, 
of the- document being .tiiij^-stamped. Given .as : a seed input 
3 0 the - document . bash . or :.ptl>er . such function , the implemented 
. .; pseudprandom ; generator will., output a series of agency IDs. 
; 5 - r This, agency t selection is ,f or . all practical purposes 
. unpredictable - and ...randprn. . . . _^ " 
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* once the agents 'are selected, the iiiiiie--stamping 

proceeds as previously indicated with the except iorP that 
each agent individuallt adds the*. current time data* -to *he 
representative document' it receives, certifies the 
"resulting separ^e time-stamped receipt with its own 
verifiable' cryptographic signature;- and transmits*, the 
eertifiba£e back to the ^author. This transmittal may be 
"directly to the "requesting author >or by way of the 
a^in^strative ■■"■tSX ^ where- the -receipts, are combined with or 
10 without f urttief "certif ication by - the TSA .. The : combination 
of signature scheme and a published directory of author 
^j-'-'ifcs provides' verification- o£- the utilization of the agents 
t: r 'tnat Vere i'n fact Selected' -.by the -pseudorandom generator. 
? ' ' "This distributed- agent " ; embodiment of the invention 
' 1-5 ''prWen-es some Advantages '- over the receipt-linking 
* ^ * ^rocWure^n^thlt a^certif led-: time^stamp is provided more 
• ! * • quic3tl^ : arid a given author' later- proof .;of , a document is 
~ : -less reliant J upon-tne- availability J of .the ..certificates of 
v;: otiier Authors. ML;:; lL -^P--- ^ 3 .£'.;.> > 

T ' 5i 2 ; 0 ar ''- A i: * • > lfi" an-^ddi^idna-l-'einbeainient^ shown-: in C FIG. 4> the 
TSA 'generates i^time-stkmpP receipt- Whlch~ includes, for 
example 1 ; a sequential- recWipt transactibn number, r^, the 
Identity" of the 1 author; ^--for 'example^ by IDi number, ID k , or 
r ' "'-the i'ike-; - l a digital -representation, * e.'g^ the: hash, H k , of 
25 ^he-document- and €J»e current time', t fc . > The. TSA then 
includes these receipt data, or any representative part 
thereof, with the catenate certificate value, Cj^, of the 
Si "immediately preceding -processed: document, D^, of author, 
• Jt '""- K k _'£ , ^thereby bounding ' the- time- stamp- of > document , D fc , by 
3 0 tHe independently established earlier receipt time, t^-l m 

-•"'•"The composite"- 'data ^-string-;- (' r ] C/ i 3 :D k, H k;' t k, c k-l ) ' ls 
" * - ' then "hashed " to a new -' catenate value J < C^. , y that- is entered 
with transaction number ; ■ r-^, "■in' thfe records .of the TSA, 
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* and is also transmitted to A^, as .the catenate certificate 
*^ value, with the time^stamp receipt T dat^a. In like manner, 

a certificate value derived ;f rom the hashing of with 
time , stamp elements : of ; the receipt for dcpcirmejit,^. D k+1 / 
\S K > would be transmitted to author,, A^.^. Thus, r each of the 
; time-stamped catenate -certif icates, issued by the. TSA is 
fixed -^in .the continuum of -time and. none, pan be^ falsely 

• prepared by the-TSA* since ? any .attempt to ^regenerate a 
t catenate certif icate-nuiiiber ; f rom next 

10* prior certificate would ^reveal ; the -discrepancy. 

V it J; Inxa tmorer general : application .of ,the invention, as 
shown ;in.- FIG.u 5, the j representation, M e.g. a hash, of a 
*t particular, document; is.- simply concatenated ,with ( .the 
^catenate ;;certif icate^y l alue f ^of r the r neact previous ^docvpaent 
15^ :;and ;the deteinaainistic> function representation, . a r gain a 

hash, . for example* of this, composite is r then generated and 
^ ;o X retained fas; the; T^coxA ^%ej\^&ryeiXu& .for ;the .particular 
document. Each subsequent document in /tlie grqwing series 
is similarly processed to expand the record which itself 
20 Would* server, as the position 
,reachr;such document pGC^ies...i 1 >.. th ^ series,, „ or more broadly 
viewed, ^in^the-cpntinuu^ embodiment of the 

-'71 . invention proyides,*<a reliable-method by which, an 
. * . ^organization, , fpr : fi*is^ the 
25" sequence and continuity^ of its digital ^busines 3 ^documents 
K -j .and. records; • - r j--:-:. : t t -, . . ; r . 

: i ' ( , Additional^ variations ] in ; the process? ■ cjjf; - the 
" invention might _ include the: accumulation of documents f 
^ preferably in ; hashed ^ 
30 generated within an author organization over a period of 

_ time ; e . g . a; day > or jnor% ; depending^ upqn ,the extent of 
Vuv activity, with the , coll ec$lon T being hashed t „tp ; present a 
vs ingle vconvenientvdocLment,. for. time-staijiping r ,and 
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certification. Also, the initial seed for- the 
pseudorandom generator may be based upon a function of 
time or previously receipted documents,' "as well as of the 
document. As : an' alternative/ an organizational -designee 
5 might serve as a resident "outside" agency who would 
maintain' a catenate Certificate record of organization 
documents by means of 'the present procedure and on a 
regular basis would transmit the then current catenate 
certificate to a TSA. In this manner the sequence of. an 
10 organization's business records would be established both 
within the organization and externally through the TSA. 

Also, the implementation of process embodiments 
might readily be automated in simple computer programs 
which Would directly 1 carry out the various steps of 
'is hashing/ transmitting 5 , ^d ; concatenating -original document 

• representations/ applying current time stamps; --generating 
,:: ' and recording catenate^ ce*tff ifcate valued / and providing 
' receipt certificates' ; " v " !> A T " - 5 ! • ; " 



- ' " '' 1 ' tiC "- ' lV;i ' " PO^Qj^gg DRAWING ! ' jr '' : '• : 

J .. r . .. i. Tiie p re ^ent invention w"ia-l- £ b~e described: with 

reference to the accompanying -drawing of which': ''• 

:j : * - - FIG 1 is & flow diagram of a-general .process of 
time-stamping a document according to the invention ; 



J ViG. 2 is 'a - = f 1/bw "diagram T of a specific embodiment 
25 ; of "the process; " ' " " 



r 



'FIG.' 3 is E a flow df agrkm of another 'specif ic 
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embodiroent of the process; 



. i i.FXG.rr* is a flow.. .diagram of an alternative 
. t lembpdiment of, .-the .time-stamping process; and 

. . FIG* 5v is a f flow diagram pf a general catenation 

5 r process according to the invention.. , A 




DESCRIPTION OF THE INVENTION 

: ,v „ ; . : .The following examples of the ^application of 
.embodiments pf r . .the present invention w,i 11 serve to further 
:. : r ^describe the involved process,*, For, convenience in the 
■t ;^;10 presentation v of , these ..examples, if the deterministic function 
selected is the md4 hashing algorithm described by Rivest, 
as mentioned above, and the verifiable signature schemer is 
the public key method suggested by Diffie and Hellman, as 
; implemented by Rivest et al. in U.S. Patent 4,405,829. 
15 The function actual ly selected by a TSA could be any of 
various available algorithms • Whatever algorithm is 
implemented, records of its identity and period of use 
- j^:must.rbe.: : maiivt_aine;d for slater proof _o.f .certified receipts. 

Further:, - in order .to simplif y ^explanation of the process 
20 and for the additional reasons noted below, only 
- ; ^ v,'.representatiye segments of ,-the entire numbers will be 
- reemployed** • /rVvr;,. r-.«.r.,c' - r .j,^ «-.-- 

, /:. The :receipt-linking .-.embodiment, of the invention 
shown in FIG. 2 is initially considered.. Although ; the 
25 present process may be used with documents of any length, 
; : the following apt excerpt ..is amply representative of a 
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docvunent, D k , which an author prepares at -step "21 and for 
which time-stamping is desired: 

Time's r glory is to calm contending kings , 
To xxnmask falsehood, and bring truth to light, 
To' : stamp "€he seal of < time "in aged things , 
^ . .n To wake the -morn, --and sentinel, the night. 
To wrong the wronger till he render right; 

u ; .* : to •.: . f : The oRape, of Lucrece . z >c "Si 



>io~ - : -. • .By means ;p£>the ^ w «aggrittmr. .1*e. ^document is 
:. hashed/ at, optional /..dashed f step 22 to a number ,. H k , of a 
.? f.. standard;, 12 8?.. bit format .which expressed, ; in base, 16 appears 



v. .. • ^: v --•ef.6dfded833f3a4h3445.15e?fb5.ce39l5 ■ .... 

•:i :.r. " •■ -■ .. -• i t ■ r :. r ' : ^ d..»c..' i**' .• • ; -• r i- -i 

->■: i5i-The author/- A k , whose sy ; &feem c .identification, number, ID k , 

i - is 112 in a. 1O.0.O member ^author , universe, transmits the 
r , . ,-. . thus-identif ied: .document feq-the, ;> system :1 TSA : ,..,at s^ep^ 23 , as 
the message/ (ID^^H,^) ^w^iqh, appears:. ; - ...... t ,c_ : 

f-n.' ; J>7.2;, ief 6df dcdfi33$3a^3 ( d^515a9fb,5ce39W. t>? \ 

5 01 as ;a request that:' the document - be time^stamped ?r , 

The TSA then prepares the receipt : fpr .document , 
Dfc, by adding, at step 25, a sequential receipt number, 
r^L of j132;, -for , example./- and -a statement of the current 
. -' -is- . . time, t k .' This time? statement .might include a standard 32 
25 bit representation of computer clock time plus a literal 
statement, i .e. . 16:37 : 41 : Greenwich Mean Time on 10 March 
1990, in order to allow the final time-stamp certificate 
. . j to be easily , readable :by the, author , A k . The receipt 
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would.then qomprise the string, (r^ tj^ IDj^H^). 

At this point it would be appropriate to further 
consider the earlier-mentioned reduction of number size to 
representative segments. As -is described by Rivest et al. 
5- h im u*S? ? : Parent t 4, 405, the^'cryptpgraphic public key 
' scheme to be * T eip£oyed iW th±£ example (generally known in 
the field as the "RSA" signature scheme) requires the 
division of an -extended inessage into blocks that may each 
be represented by a number not exceeding the encoding key 
10 number element, n. Each such block is then signed with 
" th£ RSA algorithm, to £e reassembled; after transmission. 
t Therefore, ~ in order -to i%e : eible^4fee a number, n, of 

reasbnable size iri this* example While: ^naint^ining a single 
block for the final receipt string to be certified with 
15 the RSA scheme, each element of the receipt string will be 
reduced €o a- representative ^ height? bitsy typically the last 
eight bits of any overlong string, and those bits will be 
! ~ T statred : in base - : 1 6- to • ^re^nt^' ^ ; two hexadecimal^ character 
? J * "istiririg? Tfiui/-' for : ifis€andey ; *'the 12&- bit ^document hash,- 
20-" H^," wili- be : reprei<Brite<^ Sy^lts last ^ eighte bitsv: i.e. 0001 
0101, stated^as-15 (ba£6^ 1.72, is 1010 

1100 and is represented by ac (base 16) . Without actually 
undertaking the cilcUl^€16h9 r ^t^will suffice to assume 
that the time statement, t w is represented as 51. The 
25 receipt "number, i32y i: wofild b^ represented 1 as .84^ The 
receipt string to this point, i.e. (r^ t^ ID^. H^) now 
appeals as ' sUsiaclSi " q-r:'q n& !r • 

* " ' Assume - now - that the^dmmediafcely.^r^ced t Lng 

t, „ : _ (jocujneritV ^"©j^^'V Was r processed tby the "TS A as the/, xequest : 

30 4 ' : T 20i; } d2d67:*32a6ld6r6f7b87dcl£6 

j . . . . 

at 16:32:30 on 16 March 1990 (t^.^ being represented as 
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64),. The TSA adds these data, at step 27, to the receipt 
string for D k to yield 1 the hexadecimal representation, 
8451acl564c974. This receipt, R k , r now 'contains data 
" fixing the time for D k : and a tfme, ^^, before which 
5' author, cannot claim 1 that d£ existed.' This limitation 

" 1 on A k is^ established by the fact that the previous author, 
*X-1' holds a time certificate; l C k _£; that fixes 't^ as 
" subsequent "to the iinlceaf 'tilde "data,. t k _ 2 , ~in the 

certificate ;of "au1^or, ^ 2 j, and so on for as long as a 
10 proof requires. J 



.i 



• ' ! to v establish "that ;\'SfA in fact originated the 
receipt f or : doc\iment, ^ h that receipt is transmitted, at 
- " step 29 ', €o author; : ' a£, ^ter 'TSA signing / at step 28, 
with the T' public ^ key 'cryptographic signature scheme and 
15 becomes"^ certified receipt, 'or -certificate^ C k . With 
the data. derived above, and assuming that TSA has the RSA 
signature key set,* in decimal : ~ " - , - i 



- ' % < n ;d> i : ^43206'67782i42 i 8ld r 9;^ '(Private) 
20 the signed 'certif'fc^e^o^^V 845iaci564c974v would 



compute as : 

:v i "* ~ ^^bd'ii^ ^547^16^4^74392 > ' ' 

When- iuthoi-;' A^,* '* r^ceive^ *"t*iis certificate,- C^V along with 
iif r the" literal: 'stat&n^ht o't^} it may be "readily-confirmed 
2*T 'ass being fcotrect a^plicatidri of the TSA^ public key to 
* verify that: - ** 

C k ® mod n = 

and that R v in fact contains the data representing the 
document hash, H v . 
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t The procedure r ?hown ^in this simple one-link 
example results in a ^certif icate which, being bounded in 
\ time, by the data f rom docipent, D^, provides author, A k-1 
- - iwith reliable evidence ttiat document, ..-P^.^/ „was not 
£ backdated to ."V. time significantly prior to the existence 
of dQcument , ^ . Wfren 1;he ,^erti f icate t Sf A k is expanded 
with additional data .from the .sxibseguently processed 
document, it will likewise ^be effectively '^bounded to 

•j substantiate the time stamp claimed .by A, . . in an 
10 alternative of the same effect, A v could simply be advised 
of the identity of A k+1 and could conf iri from that author 
t that the one-link ^certifipate, C t , contained the 
, * element, .Ji.. .. The. procedure could also be varied to 
, s ^provide certified, recei^t^ which include data from any r 

15 * number of ^thors .with jaach addition providing a further 
j : . degree - of - assurance a^a^s|t. f alsif icatiorj. 

Another embodi^ejxfe r .o£ th^ ^invention, as , shown in 
FIG. 3, which utilizes randomly selected members of the. 
author universe :I ^s ^ tii^e^tainping agents, or witnesses, .t: 
.,2,0:/ : : ke. t a ^"distributed .tioi%t^ r pxoce,dur? r , .wppld proceed in the 
lowing .manner. * Al^hQjj^h jthese .numbers are not so 
limited in actual practice, for purposes of the example it 
will be assumed that the universe consists of 1000 
authors, having IDs . 0.-^.9 9,9,,. r and that three witnesses will 
25 be sufficient to establish the veracity of the time stamp. 
: v : : Also, in this example the earlier-noted t variation 
^ , • ; : - including*., the services o,f a t T T SA is being_ implemented. The 
- ; - a hashing funpt ion, md4, r ;'utilize^,in ,the above ^xample^ is 

employed here also, in optional step 32, as an example of 

■ * **. r "? *■ / 

^0 a deterministic document function which will seed the 
pseudorandom selection of the three witnesses from the 
author universe. 

As in the previous example, t^he author transmits 
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the document to the TSA, normally in hashed form; as the 
identified request: L 

' r ■-" 1 ' - 172 , ex6dfdcd833f3a4-3 : d4515a9fb5ce3915^ - 

The TSA ^bw" uses this "document : hWh string # in '-step 33, as 
5'* the seed to " genfera^e the* ID number of the -first * witness, 
! "at: step 35/ acdortairig to- the Selection algorithm: 

- ' > - - " = [md4 "(seed) ] mod (universe size) 1 ^~ - 

" The resulting seed hash f " • = ■ . •* — -.•->-' 

' 1 - 7 -26f54eae9251^dbb5ed 6 e7c2 , de6e0fcf; V» ^ 

10 represents the 128 bit number which mod 1000 is 487, the 
r; i c 'f£- ^f- -the"' first' seleclsBd^ftiSessl' "' "The* next witness is 
: " likewise chosen using tfiis ^eed hash "representation as the 
Be : ea~ih ; tne~- second' se^ect"f(5h"computa%*i:6h t^yield: 

IB ' Vhich'mod; looby i W J 57*7 1 the : se"cdnd 'witness' IDl 'A repeat 
■ ; ' df ^e s computatfbn n , -a'^af n ; seeding with the ' prior « seed 
r ' r ;r h^sli^ selects the 1 ' ' &n£l r v£tnes*s ■ <aa 59« , which- is: 

: i, !.'■'"; r.i :..g,Tf t ? '. -J 

2fe8768ef3532fl5c40acfl341902cle mdd 1000 

-) t ": v '- ,-' a : '. ' is u 

' The "TSA now ' sendsy at- step 3^ , a copy of the 

20 ' r original request £o-eacfi of Ei these three witnesses who 

individuaily, ; at step r 38 / add a current 'time statement and 
lb, "and certify the resulting receipts by signing with the 
RSA cryptographic signature ;; sche'me and transmitting them, 
at step 39/ 1 directly to the author or through the TSA who 
25 may assemble the certificates into a file to be delivered 
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to . the author :v By virtue -of the fact, that the . 
pseudorandom generation prevents the exercise of a 
personal choice in the selection of witnesses, the author 
is deterred by the. -risk of encountering ..a non-cooperative 
5 witness from attempting any communication prior to time 
stamp certification f or -£he purpose pf arranging^ for a 
• false time entry • In, a pMces3 r .yariant^ where the author 
is ; allowed to tjrai^smit -the request directly to witnesses, 
the random selection of such witnesses which is keyed 
10 essentially -to the involved ,dpcuB^nt itself frustrates any 
attempt by the author to direct the document to a known 
cooperative witness. The group, pf , resulting certificates 
may thus be employed with confidence in later proofs 
employing signat]ure vei^f ic^ipn in the. manner earlier 
15 described. 

?[ : ( - - r - ; : : The^ of the time- 

re .-. , stamping^ procedure J>e;ginS|, t a$ , ;a,t step 41 in FIG.. f 4 of the 
: drawing, '»ith tl^.^r^parc^on, of Iu a. ;i digital r docu^e^nt by the 
author, e.g. A^. As previously noted, this digital 
2 0 document may rbe^th^ of any 

alphanumeric text or video, audio, pictorial or other form 
= of f ixed ..data. #) . Although tl^ pi^sent^proc^ss may, be^sed 
r..... ; with-f documents of agy^l^^th, f o^l^ng „exce^)t is 

amply representative -.of v a (document* .D^,. for w^ich time- 
25 stamping is desired: 

. . . the idea in .nich affirmation of the world and 
t efchics are contained i: s44e by side . , . the ethical 
acceptance of .the r world ^and. of r li£e, tocje:tlj>er wi ; th 
; / . v.t t. r .the ideals- of . civilization ...contained in ; £his 
.- 30. j : - ; ppneept r. r /bruth >has^na special .tim£ of r its. 
. -. ' ;..pwnv ; - Its hqup ; . is. now. ^-.^a.l way s .. ^ ,. t- , 

c .••;—::»;. -_- 0 -t.jn.vcr srf-r o.r ■, Schweitzg j<r 
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If the author so' desires, the document, D k , may, 
for the purposes of security as well as to reduce the 
required transmission bandwidth, be condensed by means, 
for example, of the md4 'algorithm. » As indicated by the 
optional, dashed' 'step 42 r ," the document is thus hashed to a 
value, H k , of a standard 128 biV format Which, expressed 
in base 16, "appears as: 1 ' " 



ee2ef3"ea60dfi6cb621t:4fb3'f8dc34c7* 



It should be noted, at' this point that the hexadecimal and 
10 , 1j4e^ miinerical ~ value' representatiorts' used in this example 
" .are not in such form cruciaf to" the implementation of the 
"invention. Jniat' Is to s : aVv r ariy portion 'or other- distinct 
representation of those values selected -according to a 
given "procedure would runc^ibn as well ;■ 



'.: s. i v.: • r? ; - : - - .... -.1" .v 



15 Author, A k , whose assigned identification number, 

.ID , is 634 in a 1000 member author universe, then 
r ' L trrasmit^'-tte" : doc^ent # ' at "step ; 4;3 , 'to-the system TSA in 
thV identifying message7 " (iD^^r/' which ^ appears"; 

634, ee2ef 3 l ea J 6tfdf f6dbV2lc4fb3f 8dc3467 r 

20 as a request '^e ' J do D cinie 7 rft- c »e ^time-^staiiiped . 

!n 3 'The' TSA-iT •at a 6€«^ F 4^?''jprepMes : 'the receipt for 
document, D k , by adding r £- sequential receipt transaction 
number, r fc , of 1328, for example, and a statement of the 
( current time, t^. ? * : *his '"time ^statement* might- be a standard 
' 25 S ~ binary "representation' 4 bf" computer clock time : or simply a 
literal statement, e.g., 19 : 4 6: 2 8 Greenwich Mean Time on 
6 March 1991, in or^er" to 'allow the : final 'time-stamp 
certificate to be easily read. The receipt then comprises 
the string, (r k t k ID k H k ) , which appears as follows: 
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q ^ V; 1328 / 194628GMT06MAR91, 634, 
. ^ : r ee2 : ^f3ea60dfiqcb621c4fb3f8dc34c7 

. . In accordance jjr.it.li the invention, the" records of 
^the .TSA at this time contain a catenation' of ' ali its prior 
5 receipt transactions . in the m form, for example, of the 
values resulting from the hashing of each; consecutive 
receipt with the record catenation to that tiiae. This 
catenate record, wmld thus have been developed as follows. 
The receipt of first transaction (r k = 1) was hashed with 
10 an; initial datum va.lue, e.g.. the hash of the 
e ; ident^if icatipn of the^.TS^^ to^ yield the first catenate 
t value, .jC- , -which was. then used as the certif ica'te value 
■ * ; l for that .first transaction. In the next transaction, the 
> receipt was.. concatenated with C. and "the composite hashed 
15 to yield the s t econd catenate .certificate value, CL, and so 

on through the entire history of the TSA time-stamping 
; operation. Mr: : . fj 

- .■-■>. s v .-.Assume nc^w r that Jt^he doc 

preceding that of the present example h^' been "processed 
2 0 by the TSA, in its' 1327th receipt transaction, to yield as 
the catenate, qertif^ ^ , 

, , v , Te 2 6f54eae925:^^ 

-In^ step 45-*of a the process, the TSA now concatenates with 
, n ..-this value .the receipt for D v to obtain: 

25 s 26f54eae92516blf0d6Q47c2de6e0fcf , 1328, 

194628GMT06MAR91, U . 6^4^ ee2ef 3eaG0df 10cb621c4f b3f 8dc34c7 



: ,3 ^his; : composite . is th^n . hashed . by the TSA," at step 46, to 
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yield as the hew catenate certificate value, C^: 
• 46f7d75f0fbea95e§6fc38472aa28cal 

The TSA' theii adds this value to its records and 
prepares and transmits to author, A^, at step : 47', a time- 
5 stamp certificate, including this catenate certificate 
value, which might appear as: . 

Transaction Number": 1328 - ^ ^ t - 

' ; Client ID Number f ' 63^ j cz ; : "' r ' 

Time • 7 * ' " ' ; 19:46: 28 Greenwich Mean ' Time 

10 Date: " " ' : G6 'M^ttch '1991" j M " " : v : 

" Certif idate Number: ! *46f?d75f 0fbea95e9*i6 4 fc38474aa28cal 

The procedure would be repeated by the TSA for 
each subsequent t imfe :: stakp : ' xei^est -Assuming the next 
; request from S^;^ wab received 'with the -document in the 

15 form of its hash, H fc + i* as: 

'-" ?r r ; : «. v •; *> v:' ■■^.zuho'iv ti [ : ' 

201 , 882 653ee04d511dbb5eb6883aa27300l^ " 

at 19:57: 52T GMT ' on 6 Ma±Slr '19 1 tfie- composite 
concatenation would appear: 

: " ■ : 4 6f 7d75f 0£be&95^^^ 1329/^ 7 ' - :V 

;i 20 * 195 7 5 2 GMT 0 6MAR1 9 9 1*, 201^ j ' V82653ee04'd5i : ldbb'5 f e06'883aa27300b 

' 1 " r ' iAd J tM*e certificate returned 7 to A k+ ^ would read ^ 

Transaction Number: 1329 
1 " 'Client ID Number: Y 2oi : : '* " 

v Time:" ' " : ^ : i9i 57 52 : Greenwich Mean f Tiine 

25 Date:'* ' " ' ^ 06 March :v 199l r 7 - 1 

' ~ Certificate Number : ^ d^ 
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When /; at. a later.. date, author, A k+1 ,. desires to 
prove the authenticity of document, D^^/ as that which 
was received and dated, lay the .TSA on 6 March 1991 at 
19 : 57 : 52 , the records of the TSA are examined to obtain 
:■; 5 -the catenate r certif icate value, of the next previous 

transaction, 1328, whi civ. appears as; _ 

46f7d75f 0fbea95e96fc38472aa28cal 

The alleged document is then reduced to the form in which 

it was transmitted to the . TSA, e.g, as, its liash, and this 
10 value .is. then concatenated with C k and the remaining data 

from the certificate.. .of v^+i- The resulting composite, 
•j.: ;assumijig the alleged, docxiipent . tp e be authentic, ng>w appears 

as: 

* 46f7,d75f0fbea95e9.6fc3P472aaaacal, r 1329,. 
~-15 r 1?5752GM^ g§2653ee04d5^ 

which, when hashed, produces' the correct catenate 
certificate; £yalu$ : :,-i 1 ^f^ca^M , l ) : " 

, ^ ; , ^ c a9hplpll&p$pb0$$2 7^3^7515^8 ^ad v . ? 

thereby proving the alleged document to be D^-^ • 
2 0 Otherwise.,; a r ey isjsiL ^^uingnt ..WQU^d^b^jsh, tp j=l different 
/Viiyal^l^A 3 .-* 11 ^ cpmpos : ite x .of wh£ch,,i£ is. ^n, eliempnt would 
hash, to a !; catenate, certificate .valuja, different, ^f^ that 
stated in the certificate of transaction number 1329. 

9 SIM. ■\-i=-.Lf,;;. r; : 
If further proof -wpre dqmand^d, ..for example upon 

25 : an adversary allegation^, that C k+1 had been falsified after 

the fact of a dpcument = ,rey,ision, the certificate . and the 

■ r k submit ted., e.. g . .. has^e£^ is identified 

from TSA records, would be employed in an attempt to 
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10 



15 



regenerate the subsequent, questioned certificate^ lue, 
c if that value were correct, D k+1 would be ,. . 

«T» alternative, the certificate value, <y x . coux, 
proved by the" regeneration of the subsequent 
certificate value, *»» certificate data and 

fitted document of l****** -'^ZZZZZ* in 

could W made to that' ^ater-doeument which would result in 
a Match" of If 0 &i were-^ot **» same as.existed at 

thi' iiWe-of the trSnsaiition, »1330-i 

; -in the ; more general ; record catenation, procedure 
depicted in FIG. 5, the documents in" Rowing 
processed/ within an -organisation or by a TSA, as each is 

derated, « -p-Sl^new ^^^^^ 
such as would be generated by a hasning _ 
function algorithm, becomes available and, at step 52, is 
concatenated with the current record catenate value that 
was generated in thi , processings- the ; *re™ document. 
T his ; composite is then- processed, e.g. ; hashed, at 
-step 53, ; to e *»4»«*tfi*>M-' a*«.*»-V«l«.--*^«»^ 
^ present document: This value may be separately recorded 

4d utilised- for inclusion* ^™°^°^™^ a 
retained in *° 
next document which is presented at step «>e 
subsequent processing steps 55, 56 are applied to this 
; document representation, and the process repeats with each 
netf aocument in its turn; 
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What is : claimed is : 

"* ■ l. 

— - ' ■ — ' ; i* ■ t 

1 l. A method for the_ secure ^tiii^e-stamping. of a digital 

2 document ' a : . ; . w . ^ " -. ... ■ . ■ ;-■ 

• «.3- ' c h^ a r a c t e r i : z, e .:?o f. » • ^ -h ^ t 

4 a) ^ a digital representation of ; s%i4 document is 

-*'r, 5^ transmitted frogi an originator to an outside agency; 

6 . : >b) said outside agenc^ creates a r receip*t comprising 

7 a digital representation of then current time and at least 
\ 8 r-a portion of a digital represent^tipn of .said digital 

i 9. document ; and - ^ ~ ■■ - ; . 

..1.0- k.- c) said receipt,- is certified, at said outside agency 
, .^by ; means, of: a^verif i^hle. digital cryptographic signature 

12J ascheme.STi;: :; VC { _ - j:c , f . v .,. r . r ~. . r 

* ' • *i **' *"•'' v,Hi^' Uv,^ i ! :v?t:o:.^ ...j.-i:-;^!;, :/. roar; : cJ 

" It-; 2.;. ..r Amedthodt apqor^^ng-vto^.cl^tim 1. f .. _ _ ^ . c ... 
2 . j? , On -\c»tf.c h >:r a,jr ^ c^^^Tqi n 2i<e , i n„„.-t ,h^3. t 
3.:i:.' r said"? receipted <iijg4^^1^ 4 4 0 P^ e 9.^:% representation comprises 
; : ::4- - at leasts at porti^n^ of r the digital-, representation of the 

. 5r numbers deriyfe_d ; by .applicaj^ip^pf a .detepaiipis/tig function 
r *- 6- algorithm, toi said^ ^igi , 7 q^ c ^j 

' - - :: ~ :/ bvii- 3.: i:?.:^ 7*u ■-.r,-c--. t;o: i. 

; 1 ... , ' 3 . i . - As method according.- to .claim , 2 , v , - . 

2 characte f-i-.z e.d . i , ,t . h .a..t 

3 said digital number representation is derived from the 

4 application of a one-way hashing algorithm to said digital 

5 document. 
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14. A method according "'to claim 1 3 

2 ' c h a r a ct e r r i z e din t hat 

3 said receipt further comprises the time- representation and 

4 digital document representation specific to at least one 

5 other ' digital document receipted' by said outside agency . 



15. A method according to claim 1 

' 2 ' 1 ^- h a V*V c t e r ; i z e d ~ !; ' i- n ; t-h a t 

3 said outside agency is selected at" random from. a' 

4 predetermined" universe by £ mearis of a -pseudorandom 

5 generator seeded with at least a : porfcidn of the rdigital 

6 >e>res^^tion "of* ttie ; numfc^r; derived^rom the application 

7 of a deterministic function algorithm" 'to s-aid digital 

8 document:.' - -■ ~ . - . 



'i'" 6. ; A method according' to v claim 5 • ■■>;.ci- 

2 « ■• c- ii-a^r''^ c t'e r i ; z i d- - " ^^a^t .-" w 

3 ;'~ saiS pieiidciriiaoffl generatxbii' ^ed is -derived from the 

4 application of a one-way hashing algorithm to said digital 

5 document . 



i"~7'i' A 'metliod "'according 1 ^claim 5 ' h r - " '■ " & " 

2 c h a' -t \ "c- t? 1 !?^ ^ *T' c?r i/ fl n ' -t-h -a t 

3 said method further comprises the like preparation of a 

4 time-stamp certificate by at least one additional outside 

5 agency selected by said pseudorandom generation. 



l' 8 . f " A method accbrdihg to' claim 7 ~ ■"* - ; -' 

2 characterized in t h a t 

3 said method further comprises the like preparation of a 

4 time-stamp certificate by at least one additional outside 
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5 agency selected by said pseudorandom generation and 

6 wherein the- input for c each additional outsidie agency 

7 -selection i^ at least, a portion o£ the digital 

8 : represent atipn of . the output derived from the application 

9 ; -of v said on^-way hashing algorithm Jto a^ digital / 
10 representation of the previously generated output. 

19. A method of certifying^ the„ tf mpo?:al sequence of 

2 digital documents ±p a ,^e|:4.es. 

3 ; v c lV; a r a c ^e .r^ ^ J5 .e .d f r ,\ i ;t n , ,t hat 

; 4 l said -method; comprises : srr ■ j*. k ? ,. . . ^ _ ^ 

c5.t ;/ a), ., generating ri a,^igitaJL ^representation o± ja " 
: 6 ^.specified one of the, documents, in ,said series;* "Snd 

7 b) generating a catenate certificate value 

8 representation for said specified document by applying a 

9 deterministic function algorithm to a concatenation 

10 comprising said sp^cif^ and the 

11 catenate certificate yalue representation for the document 
12 "j next prior -in ; sai<^,sejdesj tp. ^aid, specified dopument , 

1 10. A method according to claim 9 

2 characterized in that 

3 said method f urth^ .(^pgr^s^ Repeating ..^said recited steps 

4 with, each subsequent document in r sai4 ^eries. 

1 11...: ; A. method raccording^to cla^m^lQ ...^ . _ v a . rj .^ 

2 characterized in that 

3 each said document representation is generated by applying 

4 a deterministic if unction aLgprithm to .said document. 
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1 12 . A method of time-stamping a digital ^document which 

2 comprises transmitting a digital representation of said 

3 document to an outside agency," creating at said outside 

4 agency a' receipt comprising" a digital representation of 

5 then current time and" at least' a portion of a digital 

6 representation of said digital document, and certifying 

7 said receipt at said outside agency 

8 characterized , in that 

9 the certifying of said receipt comprises: 

10 a) concatenating a digital representation of said 

11 receipt with a representation of a prior catenate 

12 certificate value to form a composite; and 

13 b) generating a catenate certificate value for said 

14 receipt by applying a deterministic function algorithm to 

15 said composite. 



1 13. A method of time-stamping a digital document 

2 according to claim 12 

3 characterized in that 

4 said outside agency maintains a record comprising the 

5 catenate certificate values of prior time-stamping 

6 transactions . 



1 14. A method of time-stamping a digital document 

2 according to claim 12 

3 characterized in that 

4 said receipted digital document representation comprises 

5 at least a portion of the digital representation of the 

6 value derived by application of a deterministic function 

7 algorithm to said digital document. 
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1^ 15. C .A ;: method of time-stamping a digital document 
2> according tp claim ; ,14. : 

3 ' , . g h a r *a c t, e. r~ i. % e d in that. 
. 4 said .digital value r.epr ( eaent:ation , is .^derived from the 

5 application of t a one-way hashing algorithm to said digital 
- 6 -document. ..... ^ > » ... 
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